From a3d0ee7754397443a449a5916e709ed0f8660ef1 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 29 Sep 2017 10:43:29 +0200
Subject: [PATCH] Do not hardcode debian specifics in staticsync scripts, make
 them use a conffile

---
 .../files/static-mirroring/static-master-run  | 19 ++++++++++++++++---
 .../static-master-update-component            | 14 +++++++++-----
 .../static-mirroring/static-mirror-run-all    |  8 +++++++-
 .../static-mirroring/static-update-component  |  9 +++++++--
 .../static-mirroring/staticsync-ssh-wrap      |  8 +++++++-
 modules/roles/manifests/static_base.pp        | 12 ++++++++++++
 6 files changed, 58 insertions(+), 12 deletions(-)

diff --git a/modules/roles/files/static-mirroring/static-master-run b/modules/roles/files/static-mirroring/static-master-run
index e2a583e9e..e7e8b2d92 100755
--- a/modules/roles/files/static-mirroring/static-master-run
+++ b/modules/roles/files/static-mirroring/static-master-run
@@ -9,10 +9,23 @@ import sys
 import tempfile
 import time
 
-base="/srv/static.debian.org"
 serialname = '.serial'
 had_warnings = False
 
+conffile = '/etc/staticsync.conf'
+config={}
+
+with open(conffile) as f:
+  for line in f:
+    line = line.rstrip()
+    if not line or line.startswith("#"): continue
+    (name, value) = line.split("=")
+    config[name] = value
+
+for key in ('base'):
+  if not key in config:
+    raise Exception("Configuration element '%s' not found in config file %s", key, conffile)
+
 allclients = set()
 with open('/etc/static-clients.conf') as f:
   for line in f:
@@ -106,7 +119,7 @@ def callout(component, serial, clients):
     stage2(pipes, status, 'abort', clients)
     return False
 
-  failedmirrorsfile = os.path.join(base, 'master', component + "-failedmirrors")
+  failedmirrorsfile = os.path.join(config['base'], 'master', component + "-failedmirrors")
   if 'failed' in cnt:
     log("WARNING: %d clients failed!  Continuing anyway!"%(cnt['failed'],))
     global had_warnings
@@ -152,7 +165,7 @@ def run_mirror(component):
   clients = allclients - meta['extraignoreclients']
 
   # setup
-  basemaster = os.path.join(base, 'master')
+  basemaster = os.path.join(config['base'], 'master')
   componentdir = os.path.join(basemaster, component)
   cur = componentdir + '-current-push'
   live = componentdir + '-current-live'
diff --git a/modules/roles/files/static-mirroring/static-master-update-component b/modules/roles/files/static-mirroring/static-master-update-component
index 64836ba2b..2d397df27 100755
--- a/modules/roles/files/static-mirroring/static-master-update-component
+++ b/modules/roles/files/static-mirroring/static-master-update-component
@@ -30,12 +30,16 @@
 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
 componentlist=/etc/static-components.conf
-base=/home/staticsync/static-master/master
+. /etc/staticsync.conf
+if ! [ -n "$masterbase" ]; then
+  echo >&2 "masterbase not configured!"
+  exit 1
+fi
 
 set -e
 set -u
 
-if [ "`id -u`" != "`stat -c %u "$base"`" ]; then
+if [ "`id -u`" != "`stat -c %u "$masterbase"`" ]; then
   echo >&2 "You are probably running this as the wrong user."
   exit 1
 fi
@@ -87,7 +91,7 @@ if [ -z "$srchost" ] || [ -z "$srcdir" ]; then
   echo >&2 "$0: Invalid component: $component (not found in $componentlist)";
   exit 1
 fi
-tgt="$base/$component"
+tgt="$masterbase/$component"
 if ! [ -d "$tgt" ]; then
   echo "$0: Creating $tgt for $component";
   mkdir "$tgt"
@@ -102,8 +106,8 @@ fi
 echo "$0: Acquiring locks..."
 lock 201 "$tgt" 1
 
-tmpdir_new="$(mktemp -d --tmpdir="$base" "${component}-updating.incoming-XXXXXX")"
-tmpdir_old="$(mktemp -d --tmpdir="$base" "${component}-updating.removing-XXXXXX")"
+tmpdir_new="$(mktemp -d --tmpdir="$masterbase" "${component}-updating.incoming-XXXXXX")"
+tmpdir_old="$(mktemp -d --tmpdir="$masterbase" "${component}-updating.removing-XXXXXX")"
 trap "rm -rf '$tmpdir_new' '$tmpdir_old'" EXIT
 chmod 0755 "$tmpdir_new"
 
diff --git a/modules/roles/files/static-mirroring/static-mirror-run-all b/modules/roles/files/static-mirroring/static-mirror-run-all
index b85948f9c..c6aea0c10 100755
--- a/modules/roles/files/static-mirroring/static-mirror-run-all
+++ b/modules/roles/files/static-mirroring/static-mirror-run-all
@@ -25,6 +25,12 @@
 
 set -u
 
+. /etc/staticsync.conf
+if ! [ -n "$base" ]; then
+  echo >&2 "base not configured!"
+  exit 1
+fi
+
 awk -v host="$(hostname -f)" '
   !/^ *(#|$)/ {
     split($6,ignorehosts,",")
@@ -36,5 +42,5 @@ awk -v host="$(hostname -f)" '
     print $1, $2
   }' /etc/static-components.conf |
   while read master component ; do
-    static-mirror-run --one-stage "/srv/static.debian.org/mirrors/$component" "$master:$component/-live-"
+    static-mirror-run --one-stage "$base/mirrors/$component" "$master:$component/-live-"
   done
diff --git a/modules/roles/files/static-mirroring/static-update-component b/modules/roles/files/static-mirroring/static-update-component
index f8ca81ee0..455d17d38 100755
--- a/modules/roles/files/static-mirroring/static-update-component
+++ b/modules/roles/files/static-mirroring/static-update-component
@@ -27,6 +27,11 @@ usage() {
 }
 
 componentlist=/etc/static-components.conf
+. /etc/staticsync.conf
+if ! [ -n "$staticuser" ]; then
+  echo >&2 "staticuser not configured!"
+  exit 1
+fi
 
 if [ "$#" = 1 ]; then
   component="$1"
@@ -72,8 +77,8 @@ if [ "$srchost" = "$thishost" ] && ! [ -d "$srcdir" ]; then
   exit 1
 fi
 
-if [ "`id -nu`" != "staticsync" ]; then
-  sudo -u staticsync static-update-component "$@"
+if [ "`id -nu`" != "$staticuser" ]; then
+  sudo -u "$staticuser" static-update-component "$@"
 else
   ssh -o AddressFamily=inet -t -t -o ServerAliveInterval=300 -o PreferredAuthentications=publickey "$masterhost" static-master-update-component "$component"
 fi
diff --git a/modules/roles/files/static-mirroring/staticsync-ssh-wrap b/modules/roles/files/static-mirroring/staticsync-ssh-wrap
index dfd98c842..a4075471d 100755
--- a/modules/roles/files/static-mirroring/staticsync-ssh-wrap
+++ b/modules/roles/files/static-mirroring/staticsync-ssh-wrap
@@ -24,8 +24,14 @@
 set -e
 set -u
 
+. /etc/staticsync.conf
+if ! [ -n "$base" ]; then
+  echo >&2 "base not configured!"
+  exit 1
+fi
+BASEDIR="$base"
+
 MYLOGNAME="`basename "$0"`[$$]"
-BASEDIR="/srv/static.debian.org"
 COMPONENTLIST=/etc/static-components.conf
 
 usage() {
diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index 95ad7d962..fa756d692 100644
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -38,4 +38,16 @@ class roles::static_base {
 		rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
 		notarule    => true,
 	}
+
+	file { "/etc/staticsync.conf":
+		content  => @("EOF"),
+				# This file is sourced by bash
+				# and parsed by python
+				#  - empty lines and lines starting with a # are ignored.
+				#  - other lines are key=value.  No extra spaces anywhere.  No quoting.
+				base=/srv/static.debian.org
+				masterbase=/home/staticsync/static-master/master
+				staticuser=staticsync
+				| EOF
+	}
 }
-- 
2.20.1